コード例 #1
ファイル: searchsub.php プロジェクト: bashrc/gnusocial-debian
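 /**
  * Check pre-requisites and instantiate attributes.
  *
  * Enforces, in order: POST-only, a matching session (CSRF) token, a
  * logged-in user, and a non-empty 'search' argument.
  *
  * NOTE(review): each check relies on clientError() aborting the request
  * (presumably by throwing) -- confirm; if it returned normally, the code
  * after a failed check would still run.
  *
  * @param Array $args array of arguments (URL, GET, POST)
  *
  * @return boolean success flag (true once every check has passed)
  */
 function prepare($args)
 {
     parent::prepare($args);
     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }
     // Only allow POST requests
     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         // TRANS: Client error displayed trying to perform any request method other than POST.
         // TRANS: Do not translate POST.
         $this->clientError(_m('This action only accepts POST requests.'));
     }
     // CSRF protection.
     // The submitted token is compared with hash_equals(): a loose `!=`
     // applies PHP's type juggling to numeric-looking strings and its
     // running time depends on how many leading bytes match.
     $token = $this->trimmed('token');
     $tokenOk = false;
     if ($token) {
         // Only consulted when a token was actually submitted.
         $expected = common_session_token();
         $tokenOk = is_string($expected) && hash_equals($expected, (string) $token);
     }
     if (!$tokenOk) {
         // TRANS: Client error displayed when the session token is not okay.
         $this->clientError(_m('There was a problem with your session token.' . ' Try again, please.'));
     }
     // Only for logged-in users
     $this->user = common_current_user();
     if (empty($this->user)) {
         // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
         $this->clientError(_m('Not logged in.'));
     }
     // Profile to subscribe to
     $this->search = $this->arg('search');
     if (empty($this->search)) {
         // TRANS: Client error displayed trying to subscribe to a non-existing profile.
         $this->clientError(_m('No such profile.'));
     }
     return true;
 }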
コード例 #2
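 /**
  * Fetch oEmbed data for a caller-supplied URL and print it as JSON.
  *
  * The request must carry the session token, may only ask for the 'json'
  * format, and must pass common_valid_http_url() on its 'url' argument.
  *
  * NOTE(review): this makes the server fetch a URL chosen by the client.
  * Whether common_valid_http_url() / oEmbedHelper refuse internal or
  * loopback destinations is not visible here -- confirm, since the token
  * check only limits who may trigger the fetch, not where it goes.
  *
  * @param array $args request arguments (not read directly in this method)
  *
  * @return void
  */
 function handle($args)
 {
     // Trigger short error responses; not a human-readable web page.
     GNUsocial::setApi(true);
     // We're not a general oEmbed proxy service; limit to valid sessions.
     // hash_equals() replaces a loose `!=`, which type-juggles
     // numeric-looking strings and is not constant-time.
     $token = $this->trimmed('token');
     $tokenOk = false;
     if ($token) {
         // Only consulted when a token was actually submitted.
         $expected = common_session_token();
         $tokenOk = is_string($expected) && hash_equals($expected, (string) $token);
     }
     if (!$tokenOk) {
         // TRANS: Client error displayed when the session token does not match or is not given.
         $this->clientError(_m('There was a problem with your session token. ' . 'Try again, please.'));
     }
     $format = $this->arg('format');
     if ($format && $format != 'json') {
         // TRANS: Client exception thrown when requesting a different format than JSON.
         throw new ClientException(_m('Invalid format; only JSON supported.'));
     }
     $url = $this->arg('url');
     if (!common_valid_http_url($url)) {
         // TRANS: Client exception thrown when not providing a valid URL.
         throw new ClientException(_m('Invalid URL.'));
     }
     // Optional size hints are forwarded exactly as received.
     // NOTE(review): they are not checked to be numeric here; presumably
     // the helper validates or encodes them -- confirm.
     $params = array();
     if ($this->arg('maxwidth')) {
         $params['maxwidth'] = $this->arg('maxwidth');
     }
     if ($this->arg('maxheight')) {
         $params['maxheight'] = $this->arg('maxheight');
     }
     $data = oEmbedHelper::getObject($url, $params);
     $this->init_document('json');
     print json_encode($data);
 }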
コード例 #3
 /**
  * Load the current user, the poll being answered and the chosen option.
  *
  * Requires a logged-in user (403 otherwise), checks the session token on
  * POST, resolves the poll from the 'id' argument (404 when missing) and
  * validates 'pollselection' against the number of poll options.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     // Authentication comes first: nothing below runs for anonymous callers.
     $this->user = common_current_user();
     if (empty($this->user)) {
         // TRANS: Client exception thrown trying to respond to a poll while not logged in.
         throw new ClientException(_m('You must be logged in to respond to a poll.'), 403);
     }

     // State-changing requests must carry the session (CSRF) token.
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     $pollId = $this->trimmed('id');
     $this->poll = Poll::getKV('id', $pollId);
     if (empty($this->poll)) {
         // TRANS: Client exception thrown trying to respond to a non-existing poll.
         throw new ClientException(_m('Invalid or missing poll.'), 404);
     }

     // The selection is 1-based; anything outside 1..count(options) is rejected.
     $choice = (int) $this->trimmed('pollselection');
     if (!($choice >= 1 && $choice <= count($this->poll->getOptions()))) {
         // TRANS: Client exception thrown responding to a poll with an invalid answer.
         throw new ClientException(_m('Invalid poll selection.'));
     }
     $this->selection = $choice;

     return true;
 }
コード例 #4
ファイル: cancelrsvp.php プロジェクト: phpsource/gnu-social
 /**
  * Resolve the RSVP, its event and the current user for a cancellation.
  *
  * NOTE(review): this method contains no session-token check and no test
  * that the RSVP belongs to the current user; presumably both are enforced
  * elsewhere (e.g. in the handler) -- confirm. The object lookups also run
  * before the login check, so anonymous callers receive different errors
  * for existing and missing ids.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     if ($this->boolean('ajax')) {
         // short error results!
         GNUsocial::setApi(true);
     }

     $requestedId = $this->trimmed('rsvp');
     if (!$requestedId) {
         // TRANS: Client exception thrown when referring to a non-existing RSVP ("please respond") item.
         throw new ClientException(_m('No such RSVP.'));
     }

     $rsvp = RSVP::getKV('id', $requestedId);
     $this->rsvp = $rsvp;
     if (!$rsvp) {
         // TRANS: Client exception thrown when referring to a non-existing RSVP ("please respond") item.
         throw new ClientException(_m('No such RSVP.'));
     }

     // The event is looked up through the RSVP, not from a request argument.
     $event = Happening::getKV('id', $rsvp->event_id);
     $this->event = $event;
     if (!$event) {
         // TRANS: Client exception thrown when referring to a non-existing event.
         throw new ClientException(_m('No such event.'));
     }

     $currentUser = common_current_user();
     $this->user = $currentUser;
     if (!$currentUser) {
         // TRANS: Client exception thrown when trying to RSVP ("please respond") while not logged in.
         throw new ClientException(_m('You must be logged in to RSVP for an event.'));
     }

     return true;
 }
コード例 #5
ファイル: globalapi.php プロジェクト: bashrc/gnusocial-debian
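 /**
  * Check for an API key, and throw an exception if it's not set or wrong.
  *
  * Also requires the global API to be enabled in configuration and a
  * valid 'email' argument, which is stored canonicalised in $this->email.
  *
  * @param array $args URL and POST params
  *
  * @return boolean continuation flag
  *
  * @throws ClientException 403 when the API is disabled or the key is
  *                         missing or wrong; default code when the email
  *                         address is missing or invalid
  */
 function prepare($args)
 {
     GNUsocial::setApi(true);
     // reduce exception reports to aid in debugging
     parent::prepare($args);
     if (!common_config('globalapi', 'enabled')) {
         throw new ClientException(_('Global API not enabled.'), 403);
     }
     $apikey = $this->trimmed('apikey');
     if (empty($apikey)) {
         throw new ClientException(_('No API key.'), 403);
     }
     $expected = common_config('globalapi', 'key');
     // An integer key from configuration is still honoured, as a string.
     if (is_int($expected)) {
         $expected = (string) $expected;
     }
     // Fail closed unless a non-empty string key is configured, then
     // compare in constant time. A loose `!=` type-juggles (a configured
     // `true`, for instance, compares equal to any non-empty string) and
     // its timing depends on the position of the first differing byte.
     if (!is_string($expected) || $expected === '' || !hash_equals($expected, (string) $apikey)) {
         // FIXME: increment a counter by IP address to prevent brute-force
         // attacks on the key.
         throw new ClientException(_('Bad API key.'), 403);
     }
     $email = common_canonical_email($this->trimmed('email'));
     if (empty($email)) {
         throw new ClientException(_('No email address.'));
     }
     if (!Validate::email($email, common_config('email', 'check_domain'))) {
         throw new ClientException(_('Invalid email address.'));
     }
     $this->email = $email;
     return true;
 }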
コード例 #6
 /**
  * Load the notice and the objects derived from it.
  *
  * Populates $this->notice, $this->profile, $this->user and $this->avatar.
  * The notice must be in scope for $this->scoped, otherwise a 403 is
  * thrown before anything else about it is loaded.
  *
  * @param array $args $_REQUEST array
  *
  * @return boolean true
  */
 protected function prepare(array $args = array())
 {
     parent::prepare($args);

     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     $this->notice = $this->getNotice();

     // Authorization gate: stop here when the viewer may not see the notice.
     $visible = $this->notice->inScope($this->scoped);
     if (!$visible) {
         // TRANS: Client exception thrown when trying a view a notice the user has no access to.
         throw new ClientException(_('Access restricted.'), 403);
     }

     $this->profile = $this->notice->getProfile();
     if (!($this->profile instanceof Profile)) {
         // TRANS: Server error displayed trying to show a notice without a connected profile.
         $this->serverError(_('Notice has no profile.'), 500);
     }

     // A profile without a local user is tolerated; the member stays null.
     // FIXME: deprecate $this->user stuff in extended classes
     $owner = null;
     try {
         $owner = $this->profile->getUser();
     } catch (NoSuchUserException $e) {
         $owner = null;
     }
     $this->user = $owner;

     // Any failure to obtain the avatar is treated as "no avatar".
     $picture = null;
     try {
         $picture = $this->profile->getAvatar(AVATAR_PROFILE_SIZE);
     } catch (Exception $e) {
         $picture = null;
     }
     $this->avatar = $picture;

     return true;
 }
コード例 #7
 /**
  * Dispatch the request to the POST or GET handler.
  *
  * API mode is enabled before the parent handler runs, so errors raised
  * there are already reported in the minimized form.
  *
  * @return mixed whatever handlePost() or handleGet() returns
  */
 protected function handle()
 {
     // Minimize error messages to aid in debugging
     GNUsocial::setApi(true);
     parent::handle();

     return $this->isPost() ? $this->handlePost() : $this->handleGet();
 }
コード例 #8
ファイル: salmonaction.php プロジェクト: phpsource/gnu-social
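 /**
  * Read a Salmon magic envelope from the request, parse it and verify
  * its signature.
  *
  * Accepts the envelope either as the raw body
  * ("application/magic-envelope+xml") or base64url-encoded in the "xml"
  * form parameter ("application/x-www-form-urlencoded").
  *
  * Everything between parsing and the verify() call works on data that
  * has NOT been authenticated yet: the activity, its actor id and the
  * profile lookup in ensureProfiles() are all driven by sender-controlled
  * input.
  *
  * NOTE(review): the code after the try block uses $magic_env, so it
  * relies on clientError() aborting the request -- confirm.
  *
  * @param array $args request arguments
  *
  * @return boolean true when the envelope parsed and its signature verified
  */
 protected function prepare(array $args = array())
 {
     GNUsocial::setApi(true);
     // Send smaller error pages
     parent::prepare($args);
     if (!isset($_SERVER['CONTENT_TYPE'])) {
         // TRANS: Client error. Do not translate "Content-type"
         $this->clientError(_m('Salmon requires a Content-type header.'));
     }
     $envxml = null;
     switch ($_SERVER['CONTENT_TYPE']) {
         case 'application/magic-envelope+xml':
             $envxml = file_get_contents('php://input');
             break;
         case 'application/x-www-form-urlencoded':
             $envxml = Magicsig::base64_url_decode($this->trimmed('xml'));
             break;
         default:
             // 415 is the HTTP status for clientError(); it must not be
             // passed to _m(), which only receives the message text.
             // TRANS: Client error. Do not translate the quoted "application/[type]" strings.
             $this->clientError(_m('Salmon requires "application/magic-envelope+xml". For Diaspora we also accept "application/x-www-form-urlencoded" with an "xml" parameter.'), 415);
     }
     try {
         if (empty($envxml)) {
             throw new ClientException('No magic envelope supplied in POST.');
         }
         $magic_env = new MagicEnvelope($envxml);
         // parse incoming XML as a MagicEnvelope
         $entry = $magic_env->getPayload();
         // Not cryptographically verified yet!
         $this->activity = new Activity($entry->documentElement);
         if (empty($this->activity->actor->id)) {
             // NOTE(review): this writes the whole unverified activity to
             // the error log; consider bounding or summarising it so an
             // unauthenticated sender cannot fill the log with arbitrary
             // content.
             common_log(LOG_ERR, "broken actor: " . var_export($this->activity->actor->id, true));
             common_log(LOG_ERR, "activity with no actor: " . var_export($this->activity, true));
             // TRANS: Exception.
             throw new Exception(_m('Received a salmon slap from unidentified actor.'));
         }
         // ensureProfiles sets $this->actor and $this->oprofile
         $this->ensureProfiles();
     } catch (Exception $e) {
         // NOTE(review): the message of ANY exception is returned to the
         // remote sender; presumably these messages carry no internal
         // detail -- confirm.
         common_debug('Salmon envelope parsing failed with: ' . $e->getMessage());
         $this->clientError($e->getMessage());
     }
     // Cryptographic verification test
     if (!$magic_env->verify($this->actor)) {
         common_log(LOG_DEBUG, "Salmon signature verification failed.");
         // TRANS: Client error.
         $this->clientError(_m('Salmon signature verification failed.'));
     }
     return true;
 }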
コード例 #9
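 /**
  * Load the current user, the answer being acted on and its question.
  *
  * NOTE(review): no session-token (CSRF) check is visible in this method;
  * confirm it is enforced elsewhere before the answer is changed.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  *
  * @throws ClientException 403 when not logged in, 404 when the answer or
  *                         its question cannot be found
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }
     $this->user = common_current_user();
     if (empty($this->user)) {
         throw new ClientException(_m("You must be logged in to answer to a question."), 403);
     }
     // The 'id' argument is used without its first 7 characters
     // (presumably a fixed prefix added by the form -- confirm).
     $id = substr($this->trimmed('id'), 7);
     $this->answer = QnA_Answer::getKV('id', $id);
     // The answer must be checked BEFORE it is dereferenced: an unknown
     // id would otherwise end in a fatal error on getQuestion() instead
     // of the intended 404.
     if (empty($this->answer)) {
         throw new ClientException(_m('Invalid or missing answer.'), 404);
     }
     $this->question = $this->answer->getQuestion();
     if (empty($this->question)) {
         throw new ClientException(_m('Invalid or missing answer.'), 404);
     }
     $this->answerText = $this->trimmed('answer');
     return true;
 }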
コード例 #10
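 /**
  * Run the nickname prefix search behind the 'term' argument.
  *
  * A term starting with '@' searches profiles, one starting with '!'
  * searches the groups the current profile is a member of. Matches are
  * collected in $this->profiles and $this->groups.
  *
  * @param array $args request arguments
  *
  * @return boolean true
  */
 protected function prepare(array $args = array())
 {
     // If we die, show short error messages.
     GNUsocial::setApi(true);
     parent::prepare($args);
     $this->groups = array();
     $this->profiles = array();
     $term = $this->arg('term');
     // prevent DOS attacks: the row limit is forced to an integer in
     // 1..200. Comparing the raw argument only against the upper bound
     // let a missing, negative or non-numeric 'limit' bypass the cap.
     $limit = (int) $this->arg('limit');
     if ($limit < 1 || $limit > 200) {
         $limit = 200;
     }
     // NOTE(review): both LIKE clauses below are assembled by string
     // concatenation. The term goes through escape(), but trimming quote
     // characters from the escaped value is fragile, and the LIKE
     // wildcards '%' and '_' inside the term are not neutralised --
     // confirm what escape() returns and prefer a bound parameter if the
     // data layer offers one.
     if (substr($term, 0, 1) == '@') {
         //profile search
         $term = substr($term, 1);
         $profile = new Profile();
         $profile->limit($limit);
         $profile->whereAdd('nickname like \'' . trim($profile->escape($term), '\'') . '%\'');
         // %d forces the current profile id to be formatted as an integer.
         $profile->whereAdd(sprintf('id in (SELECT id FROM user) OR ' . 'id in (SELECT subscribed from subscription' . ' where subscriber = %d)', $this->scoped->id));
         if ($profile->find()) {
             while ($profile->fetch()) {
                 $this->profiles[] = clone $profile;
             }
         }
     }
     // This test sees the term with its '@' already removed, so a term
     // such as "@!name" runs the group search as well.
     if (substr($term, 0, 1) == '!') {
         //group search
         $term = substr($term, 1);
         $group = new User_group();
         $group->limit($limit);
         $group->whereAdd('nickname like \'' . trim($group->escape($term), '\'') . '%\'');
         //Can't post to groups we're not subscribed to...:
         $group->whereAdd(sprintf('id in (SELECT group_id FROM group_member' . ' WHERE profile_id = %d)', $this->scoped->id));
         if ($group->find()) {
             while ($group->fetch()) {
                 $this->groups[] = clone $group;
             }
         }
     }
     return true;
 }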
コード例 #11
ファイル: newbookmark.php プロジェクト: phpsource/gnu-social
 /**
  * Require a logged-in user and copy the bookmark fields from the request.
  *
  * On POST the session token is checked before any field is read.
  *
  * NOTE(review): 'url', 'title', 'tags' and 'description' are only trimmed
  * here; presumably they are validated where the bookmark is saved and
  * escaped where it is rendered -- confirm.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     $this->user = common_current_user();
     if (empty($this->user)) {
         // TRANS: Client exception thrown when trying to create a new bookmark while not logged in.
         throw new ClientException(_m('Must be logged in to post a bookmark.'), 403);
     }

     // State-changing requests must carry the session (CSRF) token.
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     // Each member takes the trimmed request argument of the same name.
     foreach (array('title', 'url', 'tags', 'description') as $field) {
         $this->{$field} = $this->trimmed($field);
     }

     return true;
 }
コード例 #12
 /**
  * Require a logged-in user and load the question that is to be closed.
  *
  * NOTE(review): nothing here checks that the current user may close this
  * particular question; presumably that is decided later -- confirm.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     $this->user = common_current_user();
     if (empty($this->user)) {
         throw new ClientException(_m("You must be logged in to close a question."), 403);
     }

     // State-changing requests must carry the session (CSRF) token.
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     // The 'id' argument is used without its first 9 characters
     // (presumably a fixed prefix added by the form -- confirm).
     $questionId = substr($this->trimmed('id'), 9);
     $found = QnA_Question::getKV('id', $questionId);
     $this->question = $found;
     if (!$found) {
         // TRANS: Client exception thrown trying to respond to a non-existing question.
         throw new ClientException(_m('Invalid or missing question.'), 404);
     }

     return true;
 }
コード例 #13
ファイル: qnanewanswer.php プロジェクト: phpsource/gnu-social
 /**
  * Require a logged-in user, load the question and take the answer text.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);

     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     common_debug("in qnanewanswer");

     $this->user = common_current_user();
     if (empty($this->user)) {
         throw new ClientException(_m("You must be logged in to answer to a question."), 403);
     }

     // State-changing requests must carry the session (CSRF) token.
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     // The 'id' argument is used without its first 9 characters
     // (presumably a fixed prefix added by the form -- confirm).
     $questionId = substr($this->trimmed('id'), 9);
     $found = QnA_Question::getKV('id', $questionId);
     $this->question = $found;
     if (!$found) {
         throw new ClientException(_m('Invalid or missing question.'), 404);
     }

     // Only trimmed here; no length or content check happens in this method.
     $this->answerText = $this->trimmed('answer');

     return true;
 }
コード例 #14
ファイル: newrsvp.php プロジェクト: bashrc/gnusocial-debian
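 /**
  * Resolve the event and the current user, and map the submitted answer
  * to an RSVP verb.
  *
  * NOTE(review): no session-token (CSRF) check is visible in this method;
  * confirm it is enforced elsewhere before the RSVP is stored.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  *
  * @throws ClientException when the event is missing, the caller is not
  *                         logged in, or the submit value is unknown
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
         // short error results!
     }
     $eventId = $this->trimmed('event');
     if (empty($eventId)) {
         // TRANS: Client exception thrown when referring to a non-existing event.
         throw new ClientException(_m('No such event.'));
     }
     $this->event = Happening::getKV('id', $eventId);
     if (empty($this->event)) {
         // TRANS: Client exception thrown when referring to a non-existing event.
         throw new ClientException(_m('No such event.'));
     }
     $this->user = common_current_user();
     if (empty($this->user)) {
         // TRANS: Client exception thrown when trying to RSVP ("please respond") while not logged in.
         throw new ClientException(_m('You must be logged in to RSVP for an event.'));
     }
     // Deliberately no dump of $this->args to the debug log: the request
     // array presumably carries every submitted parameter, which would put
     // values such as the session token into log files.
     // Only the three known answers are accepted; anything else is rejected.
     switch (strtolower($this->trimmed('submitvalue'))) {
         case 'yes':
             $this->verb = RSVP::POSITIVE;
             break;
         case 'no':
             $this->verb = RSVP::NEGATIVE;
             break;
         case 'maybe':
             $this->verb = RSVP::POSSIBLE;
             break;
         default:
             // TRANS: Client exception thrown when using an invalid value for RSVP ("please respond").
             throw new ClientException(_m('Unknown submit value.'));
     }
     return true;
 }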
コード例 #15
ファイル: newpoll.php プロジェクト: bashrc/gnusocial-debian
 /**
  * Add a new Poll
  *
  * Validates the question and options, saves the poll, then either
  * renders the saved notice (AJAX) or redirects to its URL. A
  * ClientException during validation or saving re-shows the page with
  * the exception message in $this->error.
  *
  * @return void
  */
 function newPoll()
 {
     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     try {
         if (empty($this->question)) {
             // TRANS: Client exception thrown trying to create a poll without a question.
             throw new ClientException(_m('Poll must have a question.'));
         }
         if (count($this->options) < 2) {
             // TRANS: Client exception thrown trying to create a poll with fewer than two options.
             throw new ClientException(_m('Poll must have at least two options.'));
         }

         // Notice options; distinct from choices for the poll
         $noticeOptions = array();
         // Does the heavy-lifting for getting "To:" information
         ToSelector::fillOptions($this, $noticeOptions);

         $author = $this->user->getProfile();
         $saved = Poll::saveNew($author, $this->question, $this->options, $noticeOptions);
     } catch (ClientException $ce) {
         $this->error = $ce->getMessage();
         $this->showPage();
         return;
     }

     // Regular form posts are sent to the new notice with a 303.
     if (!$this->boolean('ajax')) {
         common_redirect($saved->getUrl(), 303);
         return;
     }

     // AJAX callers receive the rendered notice wrapped in a small document.
     $this->startHTML('text/xml;charset=utf-8');
     $this->elementStart('head');
     // TRANS: Page title after sending a notice.
     $this->element('title', null, _m('Notice posted'));
     $this->elementEnd('head');
     $this->elementStart('body');
     $this->showNotice($saved);
     $this->elementEnd('body');
     $this->endHTML();
 }
コード例 #16
ファイル: pushhub.php プロジェクト: bashrc/gnusocial-debian
 /**
  * Enable API mode, then delegate to the parent implementation.
  *
  * @param array $args request arguments
  *
  * @return mixed the parent's prepare() result
  */
 protected function prepare(array $args = array())
 {
     // reduce exception reports to aid in debugging; set before the parent
     // runs so that its failures are reported the same way
     GNUsocial::setApi(true);

     $prepared = parent::prepare($args);

     return $prepared;
 }
コード例 #17
ファイル: apiaction.php プロジェクト: phpsource/gnu-social
 /**
  * Initialization.
  *
  * Reads the common API arguments (format, callback, paging, source) into
  * members of the same name.
  *
  * NOTE(review): 'page' and 'count' are cast to int but not bounded here,
  * so zero, negative or very large values flow into $this->offset and
  * $this->limit; 'callback' is stored as received. Presumably both are
  * checked where they are used -- confirm.
  *
  * @param array $args Web and URL arguments
  *
  * @return boolean true
  */
 protected function prepare(array $args = array())
 {
     // reduce exception reports to aid in debugging
     GNUsocial::setApi(true);
     parent::prepare($args);

     $this->format = $this->arg('format');
     $this->callback = $this->arg('callback');

     // Integer arguments and the default used when one is absent.
     $intDefaults = array(
         'page' => 1,
         'count' => 20,
         'max_id' => 0,
         'since_id' => 0,
     );
     foreach ($intDefaults as $name => $default) {
         $this->{$name} = (int) $this->arg($name, $default);
     }

     // These two are not used everywhere, mainly just AtompubAction extensions
     $this->offset = ($this->page - 1) * $this->count;
     $this->limit = $this->count + 1;

     if ($this->arg('since')) {
         header('X-GNUsocial-Warning: since parameter is disabled; use since_id');
     }

     // A missing or reserved source name is replaced by the generic 'api'.
     $source = $this->trimmed('source');
     $this->source = (empty($source) || in_array($source, self::$reserved_sources))
         ? 'api'
         : $source;

     return true;
 }
コード例 #18
 /**
  * Add a new Question
  *
  * Validates the title, saves the question, then either renders the saved
  * notice (AJAX) or redirects to its URL. A ClientException during
  * validation or saving re-shows the page with the exception message in
  * $this->error.
  *
  * @return void
  */
 function newQuestion()
 {
     if ($this->boolean('ajax')) {
         GNUsocial::setApi(true);
     }

     try {
         if (empty($this->title)) {
             // TRANS: Client exception thrown trying to create a question without a title.
             throw new ClientException(_m('Question must have a title.'));
         }

         // Notice options
         $noticeOptions = array();
         // Does the heavy-lifting for getting "To:" information
         ToSelector::fillOptions($this, $noticeOptions);

         $author = $this->user->getProfile();
         $saved = QnA_Question::saveNew($author, $this->title, $this->description, $noticeOptions);
     } catch (ClientException $ce) {
         $this->error = $ce->getMessage();
         $this->showPage();
         return;
     }

     // Regular form posts are sent to the new notice with a 303.
     if (!$this->boolean('ajax')) {
         common_redirect($saved->getUrl(), 303);
         return;
     }

     // AJAX callers receive the rendered notice wrapped in a small document.
     $this->startHTML('text/xml;charset=utf-8');
     $this->elementStart('head');
     // TRANS: Page title after sending a notice.
     $this->element('title', null, _m('Question posted'));
     $this->elementEnd('head');
     $this->elementStart('body');
     $this->showNotice($saved);
     $this->elementEnd('body');
     $this->endHTML();
 }